An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration

118 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 1, JANUARY 2015
An Authenticated Trust and Reputation Calculation
and Management System for Cloud and
Sensor Networks Integration
Chunsheng Zhu, Student Member, IEEE, Hasen Nicanfar, Student Member, IEEE,
Victor C. M. Leung, Fellow, IEEE, and Laurence T. Yang, Member, IEEE
Abstract—Induced by incorporating the powerful data storage
and data processing abilities of cloud computing (CC) as well as
ubiquitous data gathering capability of wireless sensor networks
(WSNs), CC-WSN integration received a lot of attention from
both academia and industry. However, authentication as well as
trust and reputation calculation and management of cloud service
providers (CSPs) and sensor network providers (SNPs) are two
very critical and barely explored issues for this new paradigm.
To fill the gap, this paper proposes a novel authenticated
trust and reputation calculation and management (ATRCM)
system for CC-WSN integration. Considering the authenticity
of CSP and SNP, the attribute requirement of cloud service user
(CSU) and CSP, the cost, trust, and reputation of the service
of CSP and SNP, the proposed ATRCM system achieves the
following three functions: 1) authenticating CSP and SNP to avoid
malicious impersonation attacks; 2) calculating and managing
trust and reputation regarding the service of CSP and SNP;
and 3) helping CSU choose desirable CSP and assisting CSP
in selecting appropriate SNP. Detailed analysis and design as
well as further functionality evaluation results are presented to
demonstrate the effectiveness of ATRCM, followed with system
security analysis.
Index Terms—Cloud, sensor networks, integration,
authentication, trust, reputation.
I. INTRODUCTION
A. Cloud Computing (CC)
CLOUD computing (CC) is a model to enable convenient,
on-demand network access for a shared pool of config-
urable computing resources (e.g., servers, networks, storage,
applications, and services) that could be rapidly provisioned
and released with minimal management effort or service
Manuscript received February 11, 2014; revised July 8, 2014; accepted
October 8, 2014. Date of publication October 27, 2014; date of current
version December 17, 2014. This work was supported in part by a Four-Year
Doctoral Fellowship through The University of British Columbia, Vancouver,
BC, Canada, in part by the Natural Sciences and Engineering Research
Council of Canada, and in part by the Institute for Computing, Information,
and Cognitive Systems/TELUS People and Planet Friendly Home Initiative
through The University of British Columbia, Vancouver, BC, Canada, TELUS,
and other industry partners. The associate editor coordinating the review of
this manuscript and approving it for publication was Prof. Nitesh Saxena.
C. Zhu, H. Nicanfar, and V. C. M. Leung are with the Department of
Electrical and Computer Engineering, The University of British Columbia,
Vancouver, BC V6T 1Z4, Canada (e-mail: cszhu@ece.ubc.ca; hasennic@
ece.ubc.ca; vleung@ece.ubc.ca).
L. T. Yang is with the Department of Computer Science, St. Francis Xavier
University, Antigonish, NS B2G 2W5, Canada (e-mail: ltyang@stfx.ca).
Color versions of one or more of the figures in this paper are available
online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2014.2364679
provider interaction [1]–[4]. CC is featured by that users can
elastically utilize the infrastructure (e.g., networks, servers,
and storages), platforms (e.g., operating systems and mid-
dleware services), and softwares (e.g., application programs)
offered by cloud providers in an on-demand manner. Not only
the operating cost and business risks as well as maintenance
expenses of service providers can be substantially lowered
with CC, but also the service scale can be expanded on demand
and web-based easy access for clients could be provided
benefiting from CC.
B. Wireless Sensor Networks (WSNs)
Furthermore, wireless sensor networks (WSNs) are
networks consisting of spatially distributed autonomous
sensors, which are capable of sensing the physical or envi-
ronmental conditions (e.g., temperature, sound, vibration,
pressure, motion, etc.) [5]–[7]. WSNs are widely focused
because of their great potential in areas of civilian, industry
and military (e.g., forest fire detection, industrial process
monitoring, traffic monitoring, battlefield surveillance, etc.),
which could change the traditional way for people to interact
with the physical world. For instance, regarding forest fire
detection, since sensor nodes can be strategically, randomly,
and densely deployed in a forest, the exact origin of a forest
fire can be relayed to the end users before the forest fire turns
uncontrollable without the vision of physical fire. In addition,
with respect to battlefield surveillance, as sensors are able to
be deployed to continuously monitor the condition of critical
terrains, approach routes, paths and straits in a battlefield, the
activities of the opposing forces can be closely watched by
surveillance center without the involvement of physical scouts.
C. CC-WSN Integration
Induced by incorporating the powerful data storage and
data processing abilities of CC as well as the ubiquitous data
gathering capability of WSNs, CC-WSN integration received
much attention from both academic and industrial communi-
ties (e.g., [8]–[14]). This integration paradigm is driven by the
potential application scenarios shown in Fig. 1. Specifically,
sensor network providers (SNPs) provide the sensory data
(e.g., traffic, video, weather, humidity, temperature) collected
by the deployed WSNs to the cloud service providers (CSPs).
CSPs utilize the powerful cloud to store and process the
1556-6013 © 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

ZHU et al.: ATRCM SYSTEM FOR CLOUD AND SENSOR NETWORKS INTEGRATION 119
Fig. 1. Example of application scenarios of CC-WSN integration.
sensory data and then further on demand offer the processed
sensory data to the cloud service users (CSUs). Thus CSUs can
have access to their required sensory data with just a simple
client to access the cloud. In this new paradigm, SNPs are the
data sources for CSPs, and CSUs act as the data requesters
for CSPs.
D. Research Motivation
However, during the CC-WSN integration, the following
two very critical and barely explored issues should be taken
into consideration. These two issues not only seriously impede
the CSU from obtaining the desirable service they want from
the authentic CSP, but also prevent the CSP from obtaining
the satisﬁed service from the genuine SNP.
I. Authentication of CSPs and SNPs: Malicious attackers
may impersonate authentic CSPs to communicate with
CSUs, or fake to be authentic SNPs to communicate with
CSPs. Then CSUs and CSPs cannot eventually achieve
any service from the fake CSPs and SNPs respectively.
In the meantime, the trust and reputation of the genuine
CSPs and SNPs are also impaired by these fake CSPs
and SNPs.
II. Trust and Reputation Calculation and Management of
CSPs and SNPs: Without trust and reputation calculation
and management of CSPs and SNPs, it is easy for CSU
to choose a CSP with low trust and reputation. Then
the service from CSP to CSU fails to be successfully
delivered quite often. Moreover, CSP may easily select an
untrustworthy SNP that delivers the service that the CSP
requests with an unacceptable large latency. Moreover,
the untrustworthy SNP probably may only be able to
provide the requested service for a very short time period
unexpectedly.
To the best of our knowledge, there is no research discussing
and analyzing the authentication as well as trust and reputation
of CSPs and SNPs for CC-WSN integration. Filling this gap,
this paper analyzes the authentication of CSPs and SNPs as
well as the trust and reputation about the services of CSPs and
SNPs. Further, this paper proposes a novel authenticated trust
and reputation calculation and management (ATRCM) sys-
tem for CC-WSN integration. Particularly, considering (i) the
authenticity of CSP and SNP; (ii) the attribute requirement of
CSU and CSP; (iii) the cost, trust and reputation of the service
of CSP and SNP, the proposed ATRCM system achieves the
following three functions:
1) Authenticating CSP and SNP to avoid malicious imper-
sonation attacks;
2) Calculating and managing trust and reputation regarding
the service of CSP and SNP;
3) Helping CSU choose desirable CSP and assisting CSP in
selecting appropriate SNP.
E. Research Contribution and Organization
The main contributions of this paper are summarized as
follows.
• This paper is the ﬁrst research work exploring the trust
and reputation calculation and management system with
authentication for the CC-WSN integration, which clearly

distinguishes the novelty of our work and its scientific
impact on current schemes integrating CC and WSNs.
• This paper further proposes an ATRCM system for the
CC-WSN integration. It incorporates authenticating CSP
and SNP, and then considers the attribute requirement of
CSU and CSP as well as cost, trust and reputation of
the service of CSP and SNP, to enable CSU to choose
authentic and desirable CSP and assists CSP in selecting
genuine and appropriate SNP.
For the rest parts of this paper, Section II introduces the
related work and Section III presents the system model.
Authentication about CSP and SNP as well as trust and
reputation with respect to the service of CSP and SNP are dis-
cussed and analyzed in Section IV. Details about the proposed
ATRCM system for CC-WSN integration are illustrated in
Section V. Evaluation about the ATRCM system functionality
is performed in Section VI and the analysis about the ATRCM
system security is presented in Section VII. Finally, this paper
is concluded in Section VIII.
II. RELATED WORK
In this section, current works about the CC-WSN integration
are reviewed from the following two aspects: (A) Authentica-
tion; (B) Trust and reputation.
A. Authentication
There are substantial works regarding authentication in
cloud (e.g., [15]–[17]). For instance, a user authentication
framework for CC is proposed in [18], aiming at providing
user friendliness, identity management, mutual authentication
and session key agreement between the users and the cloud
server. Paying particular attention to the lightweight of authen-
tication since the cloud handles large amounts of data in
real-time, [19] shows a lightweight multi-user authentication
scheme based on cellular automata in cloud environment.
Certificate authority based one-time password authentication
is utilized to perform authentication. Supporting anonymous
authentication, a decentralized access control scheme for
secure data storage in clouds is presented in [20]. The pro-
posed scheme provides user revocation, prevents replay attacks
as well as supports creation, modification and reading data
stored in the cloud. Observing the demerits of losing rich
information easily as well as the poor performances resulting
from the complex inputs of traditional fingerprint recognition
approaches during user authentication by [21], it introduces
a new fingerprint recognition scheme based on a set of
assembled geometric moment and Zernike moment features
to authenticate users in cloud computing communications.
About authentication in CC-WSN integration, an extensible
and secure cloud architecture model for sensor information
system is proposed in [22]. It first describes the composition
and mechanism of the proposed architecture model. Then
it puts forward security mechanism for authenticating legal
users to access sensor data and information services inside the
architecture, based on a certificate authority based Kerberos
protocol. Finally the prototype deployment and simulation
experiment of the proposed architecture model are introduced.
Focusing also on securing sensor data for sensor-cloud inte-
gration systems by [23], a user authentication scheme is
proposed by employing the multi-level authentication tech-
nique. It authenticates the password in multiple levels for
users to access cloud services so as to improve authentication
level by order of magnitude. Concerning the authentication
of the data generated by body sensor networks in [24],
it presents, analyzes and validates a practical, lightweight
robust data authentication scheme suitable for cloud-based
health-monitoring. The main idea is to utilize a Merkle hash
tree to amortise digital signature costs and use network coding
to recover strategic nodes within the tree. Experimental traces
of typical operating conditions show that over 99% of the
medical data can be authenticated at very low overheads and
cost.
To the best of our knowledge, current authentication
schemes in CC-WSN integration only focus on authenticating
users or data. Different from these schemes, our work concerns
the authentication of CSPs and SNPs, which is an ignored but
important issue in CC-WSN integration.
B. Trust and Reputation
There are a number of research works with respect to trust or
reputation of cloud (e.g., [25]–[27]). For example, focusing on
the trustworthiness of the cloud resources in [28], a framework
is proposed to evaluate the cloud resources trustworthiness, by
utilizing an amor to constantly monitor and assess the cloud
environment as well as checking the resources the armor pro-
tects. For efficient reconfiguration and allocation of cloud com-
puting resources to meet various user requests, a trust model
which collects and analyzes the reliability of cloud resources
based on the historical information of servers is proposed
in [29], so that the best available cloud resources to fulfill
the user requests can be prepared in advance. To determine
the credibility of trust feedbacks as well as managing trust
feedbacks in cloud environments, [30] presents a framework
named trust as service to improve current trust managements,
by introducing an adaptive credibility model to distinguish
the credible and malicious feedbacks. Discussing the cloud
accountability issue in [31], it first uses detective controls to
analyze the key issues to establish a trusted cloud and then
gives a trustcloud framework consisted of five abstraction lay-
ers, where technical and policy-based approaches are applied
to address accountability.
With respect to trust in the CC-WSN integration, the only
related work is [32] focusing on how trust management
could be effectively used to enhance the security of a cloud-
integrated WSN. Particularly, the security breaches regarding
data generation, data transmission and in-network processing
in the WSN integrated with cloud are observed in [32] first.
Then it shows some examples that trust can be employed to
perform trust-aware data transmission and trust-aware data
processing in the integrated WSN as well as trust-aware
services in the cloud.
For the state of the art, there is no trust and reputation
calculation and management system discussing CC-WSN
integration. Our work is the first system calculating and

TABLE I
MAIN NOTATION DEFINITIONS
managing the trust and reputation in the scenario of integrating
CC and WSNs and also takes authenticating CSPs and SNPs
into account.
III. SYSTEM MODEL
In this section, our system model is presented as follows,
while the main used notations in this paper are summarized
in Table I.
• There are multiple CSUs, CSPs and SNPs. The num-
ber of CSU, CSP and SNP are Nu, Nc and Nk,
respectively. CSUSet = {CSU1, CSU2, . . . , CSUNu }.
CSPSet = {CSP1, CSP2, . . . , CSPNc }. SN PSet =
{SN P1, SN P2, . . . , SN PNk }.
• Each CSU, CSP and SNP have several attributes.
Particularly, the data service requested and required by
the CSU owns the following attributes: data service
pay (DSP); data type (DT); data size (DS); data request
speed (DRS); data service time (DST). The cloud service
provided and managed by each CSP has the following
characteristics: cloud service charge (CSC); cloud oper-
ation cost (COC); sensor network service pay (SNSP);
cloud service type (CST); cloud server number (CSN);
cloud storage size (CSS); cloud processing speed (CPS);
cloud operation time (COT); cloud response time (CRT).
The sensor network offered and managed by each SNP
is with the following properties: sensor network service
charge (SNSC); sensor network operation cost (SNOC);
sensor type (ST); sensor node number (SNN); sensor net-
work coverage (SNC); sensor network throughput (SNT);
sensor network lifetime (SNL); sensor network response
time (SNRT).
• There is a trust value (i.e., Tcu) of each service from each
CSP to each CSU and there is a trust value (i.e., Tkc) of
each service from each SNP to each CSP. In addition,
there is a reputation value (i.e., Rc) of each service
provided by each CSP and there is a reputation value
(i.e., Rk) of each service provided by each SNP.
• Each CSU owns a minimum acceptable trust value
(i.e., Tscu) of each service from each CSP to the CSU.
Moreover, each CSP has a minimum acceptable trust
value (i.e., Tskc) of each service from each SNP to the
CSP. Similarly, each CSU owns a minimum acceptable
reputation value (i.e., Rsc) with respect to each service
of each CSP. And each CSP has a minimum acceptable
reputation value (i.e., Rsk) in terms of each service of
each SNP.
• There is a cost difference (i.e., Cc) between the CSC
of CSP and DSP of CSU for each service, i.e.,
Cc = CSC − DSP.
• There is a cost difference (i.e., Ck) between the SNSC
of SNP and SNSP of CSP for each service, i.e.,
Ck = SNSC − SNSP.
• Each CSU owns an acceptable range (i.e., Cbc) about Cc.
In addition, each CSP owns an acceptable range (i.e., Cbk)
about Ck. The interval of Cbc and Cbk are |Cbc| and |Cbk|,
respectively.
• Each CSU has three weights (i.e., αc, βc and γc) in terms
of the importance of Cc, Tcu and Rc, while αc + βc +
γc = 1. Similarly, each CSP owns three weights
(i.e., αk, βk, γk) about the importance of Ck, Tkc and
Rk, while αk + βk + γk = 1.
IV. AUTHENTICATION OF CSP AND SNP AS WELL AS
TRUST AND REPUTATION OF SERVICE OF CSP AND SNP
In this section, we ﬁrst discuss the authentication of CSP
and SNP. With that, we give some preliminaries about service
level agreement (SLA) and privacy level agreement (PLA),
followed with the preliminaries of trust and reputation and
the preliminaries of trusted center entity (TCE). Finally, we
discuss and analyze the trust and reputation with respect to
the service of CSP and SNP respectively.

A. Authentication of CSP and SNP
In this paper, as the key of our work is to enable
CSU to choose the authentic and desirable CSP as well
as assist CSP in selecting genuine and appropriate SNP,
we focus on the authentication of CSP and SNP rather
than the authentication of CSU. Specifically, the CSP
needs to prove its authenticity to CSU and SNP has
to show its authenticity to CSP. Here, ISO/IEC 27001
certification [33], [34] is applied to authenticate CSP and
SNP, as it is an internationally recognized information security
management system (ISMS) standard by the International
Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC). It requires that the
information management of an organization (e.g., CSP or
SNP) meets (i) the organization’s information security risks are
systematically examined; (ii) a coherent and comprehensive
suite of information security controls is designed and
implemented to solve those risks that are deemed
unacceptable; (iii) an overarching management process
is adopted to ensure that the information security controls
continue to satisfy the organization’s information security
needs on an ongoing basis. Particularly, it provides confidence
and assurance to trading clients of the organization, as the
security status of the organization is audited to be qualified,
by issuing a certificate with the ISO/IEC 27001 certification.
After CSP and SNP are certificated with ISO/IEC 27001,
they obtain the certificates (i.e., ctc and ctk) respectively.
B. Preliminaries of SLA and PLA
An SLA [35], [36] is a negotiated agreement between
two or more parties, in which one is the customer and the
others are service providers. In short, it is a part of a service
contract, in which a service is formally defined. SLA specifies
the levels of availability, serviceability, performance, operation
and other attributes of the service. Usually, an SLA addresses
the following segments about a service: definition, perfor-
mance measurement, problem management, duties, warranties,
termination. The subject of SLA is the result of the service
received by the customer.
An PLA [37] is an agreement to describe the level of privacy
protection that the CSP will maintain. Thus it is an appendix to
the SLA between CSU and CSP. The SLA between CSU and
CSP provides specific parameters and minimum levels on other
performance (e.g., cloud processing speed, cloud operation
time) of the cloud service, while PLA addresses information
privacy and personal data protection issues about the cloud
service.
C. Preliminaries of Trust and Reputation
Defined by Merriam Webster’s Dictionary, trust is “assured
reliance on the character, ability, strength or truth of someone
or something” and reputation is “overall quality or char-
acter as seen or judged by people in general”. However,
trust and reputation are multidisciplinary concepts with
different definitions and evaluations in various fields
(e.g., psychology, sociology, economics, philosophy, wireless
networks) [38]–[40]. For example, in the scenario of wireless
communications, “Trust of a node A in a node B is the
subjective expectation of node A receiving positive outcomes
from the interaction with node B in a specific context”.
Also, “Reputation is the global perception of a node’s
trustworthiness in a network”.
Generally, to evaluate trust from an entity (e.g., A or trustor)
to another entity (e.g., B or trustee), A needs to gather evi-
dence (e.g., honest, selfish, malicious behaviors), representing
the satisfaction, about B either through direct interaction or
information provided by third-parties [38]–[40]. With that,
trustor (A) maps the gathered information from the evidence
space to the trust space through a predefined mapping function
and an aggregation function to obtain the trustworthiness value
of trustee (B). Specifically, the trustworthiness obtained by
mapping evidences from direct interaction is known as direct
trust, while the trustworthiness achieved through mapping
evidences from third-parties is indirect trust. Furthermore,
a trustor can bring into account recent trust, which reflects only
the recent behaviors, as well as historical trust, which is built
from the past experiences and it reflects long-term behavioral
pattern. For instance, using indirect trust and historical trust
helps trustor to protect trust evaluation (and trust system
in general) from attacks such as good mouthing and bad
mouthing, or sudden selfishness of a trustee. More discussion
about these terms and definitions can be found in our
references, for instance in [41]. In addition, to evaluate reputa-
tion about a trustee (e.g., B), the aggregated trust opinion of a
group of entities are usually taken to represent the reputation
value [42], [43].
A widely used way to map the observed information
from the evidence space to the trust space is the beta
distribution [44]–[46] illustrated as follows. Let s and f
represent the (collective) amount of positive and negative
feedbacks in the evidence space about target entity, then
the trustworthiness t of a subject node is then computed
as t = s+1
f +s+2 .
D. Preliminaries of TCE
In this paper, based on the five main roles (e.g., cloud
customer, cloud provider, cloud broker, cloud auditor and
cloud carrier) in CC [47], we assume that the role of the cloud
auditor is assigned to TCE. Furthermore, we assume that TCE
consists of multiple entities in various locations with a shared
and secured database, e.g., in a data center. Specifically, the
duties of TCE are introduced as follows.
Duty 1) Receiving the copies of signed SLAs and PLAs from
CSUs, CSPs and SNPs.
Duty 2) Receiving the feedbacks from CSUs about the ser-
vices of CSPs and receiving the feedbacks from CSPs
about the services of SNPs, based on signed SLAs
and PLAs.
Duty 3) Auditing whether received copies are genuine as well
as auditing whether received feedbacks that are to
be utilized to calculate Tcu, Tkc, Rc and Rk are
genuine, by security audit, privacy impact audit and
performance audit, and etc. [48].

Duty 4) Calculating and managing (i.e. storing and updating)
Tcu, Tkc, Rc and Rk, with the genuine historical
feedbacks received from CSUs about the services of
CSPs and the genuine historical feedbacks from CSPs
about the services of SNPs based on genuinely signed
SLAs and PLAs.
Duty 5) Replying Tcu, Tkc, Rc and Rk values if these values
are requested by CSUs or CSPs.
Duty 6) Auditing whether the Tcu, Tkc, Rc and Rk values
received by CSUs and CSPs are genuine, by security
auditing, privacy impact auditing and performance
auditing, and etc. [48].
Duty 7) Monitoring the process of the proposed ATRCM
system to detect misbehaviors of CSUs, CSPs or
SNPs that affect the process of ATRCM.
E. Trust of Service of CSP
From Fig. 1, we can obtain that the fulfillment of ser-
vice of CSP needs to receive and store the raw sensory
data from SNP first. Then CSP processes the raw sensory
data and stores the processed sensory data. Finally, CSP
transmits the processed sensory data to CSU on demand.
In this process, there are various types of trust (e.g., cloud
data storage trust, cloud data processing trust, cloud data
privacy trust, cloud data transmission trust) which might
concern the CSU to choose the service of CSP. Furthermore,
for various CSUs, the types of trust that they concern are
different.
In this paper, we assume that the following three types of
trust about CSP concern the CSU to choose the service of CSP
and we further show how they are calculated.
i) Cloud Data Processing Trust: This trust is related to
whether cloud processes the raw sensory data with error.
TCE has a database which dynamically stores the
non-error number (i.e., Sc1) and error number (i.e., Fc1)
of data processing of each service from CSP to the CSU
in the history, with the feedbacks about the historical
SLAs regarding the service. The trust value of cloud
data processing trust (i.e., Tc1) is calculated by TCE via
equation (1).
Tc1 =
Sc1 + 1
Fc1 + Sc1 + 2
(1)
ii) Cloud Data Privacy Trust: This trust is about whether the
sensory data stored on cloud can be accessed by others.
Based on the feedbacks about previous PLAs regarding
the service, assume the number that the sensory data
accessed by others with respect to each service from CSP
to CSU in the history stored on TCE database is Fc2.
As CSU is generally sensitive about the data privacy,
the trust value of cloud data privacy trust (i.e., Tc2) is
presented by TCE through equation (2).
Tc2 =
1, Fc2 = 0
0, Fc2 > 0
(2)
iii) Cloud Data Transmission Trust: This trust is with respect
to whether the data transmission from CSP to CSU
is successful. Using the feedbacks of previous SLAs
regarding the service, with the success number (i.e., Sc3)
and failure number (i.e., Fc3) of data transmission of each
service from CSP to the CSU in the history on TCE
database, the cloud data transmission trust (i.e., Tc3) is
shown by TCE as per equation (3).
Tc3 =
Sc3 + 1
Fc3 + Sc3 + 2
(3)
In summary, with respect to Tcu value calculation, the
trust value Tcu of each service from CSP to CSU is cal-
culated by TCE with a combination function (i.e. C F) of
three-dimensional trust (i.e., cloud data processing trust, cloud
data privacy trust and cloud data transmission trust), as per
equation (4).
Tcu = C F(Tc1, Tc2, Tc3) (4)
Specifically, about C F, there are many different ways to
combine multi-dimensional trust. For example, a probabilistic
trust model based on the Dirichlet distribution to combine
multi-dimensional trust is shown in [49], by estimating the
probability that each contract dimension will be successfully
fulfilled as well as the correlations between these estimates.
In addition, an MeTrust model is presented in [50], enabling
each user to choose a dimension as a primary dimension
and put different weights on different dimensions for trust
calculation.
In this paper, we assume that these three types of trust
(i.e., cloud data processing trust, cloud data privacy trust and
cloud data transmission trust) are considered with equal weight
and then the minimum trust value in these three trust values
is taken as Tcu, through equation (5).
Tcu = Minimum{Tc1, Tc2, Tc3} (5)
F. Reputation of Service of CSP
In this paper, based on the feedbacks of previous SLAs
about the service, we assume that if the CSU chose the service
of the CSP, then it means that the CSU somehow trusted that
CSP and decided to use the service of the CSP. Let us assume
that the number of CSUs that chose the service of the CSP
is C Nc and the number of CSUs that needed the service to
receive from a CSP is Nu (Nu ≤ Nu). Then the reputation
value (i.e., Rc) of the service of the CSU is calculated by
TCE following [42], [43] via equation (6).
Rc =
C Nc
Nu
(6)
G. Trust of Service of SNP
Based on Fig. 1, we can also observe that the service of SNP
requires the sensor nodes to be deployed first and then sense,
store and process data to achieve data collection. At last, the
collected sensory data are transmitted from SNP to the CSP.
Similarly, in this paper, we assume that the following four
kinds of trust about SNP consist of the trust of service of SNP
in the above process.

TABLE II
AUTHENTICATION FLOWCHART OF CSP AND SNP
i) Sensor Data Collection Trust: This trust concerns whether
the sensor network collects the required sensory data with
error. Utilizing the feedbacks of previous SLAs regarding
each service, given that the non-error number and error
number of data collection of each service from SNP to
CSP in the history on the TCE database are Sk1 and Fk1,
respectively. The trust value of sensor data collection trust
(i.e., Tk1) is calculated by TCE as follows.
Tk1 =
Sk1 + 1
Fk1 + Sk1 + 2
(7)
ii) Sensor Network Lifetime Trust: This trust aims to analyze
whether the lifetime of the real deployed sensor network
matches the sensor network lifetime the SNP demon-
strates, as energy consumption is the primary concern of
sensor network. Assume that the matching number and
non-matching number of the sensor network lifetime of
each service from SNP to CSP in the history recorded by
TCE are Sk2 and Fk2 respectively, with the feedbacks of
historial SLAs regarding each service. The sensor network
lifetime trust (i.e., Tk2) is shown by TCE as follows.
Tk2 =
Sk2 + 1
Fk2 + Sk2 + 2
(8)
iii) Sensor Network Response Time Trust: This trust
researches whether the response time of the real deployed
sensor network matches the sensor network response time
the SNP demonstrates, since the response time of sensor
network is with quite uncertainty due to various factors
(e.g., sensor dies, bad weather). TCE records the matching
number (i.e., Sk3) and non-matching number (i.e., Fk2)
of the sensor network response time of each service from
SNP to CSP in the history with feedbacks about previous
SLAs. The sensor network response time trust (i.e., Tk3)
is obtained by TCE as follows.
Tk3 =
Sk3 + 1
Fk3 + Sk3 + 2
(9)
iv) Sensor Data Transmission Trust: This trust cares whether
the data transmission from SNP to CSP is success-
ful or not. TCE owns a database which dynamically
stores the success number (i.e., Sk4) and failure number
(i.e., Fk4) of data transmission of each service from SNP
to the CSP in the history, based on the feedbacks of
previous SLAs regarding each service. The sensor data
transmission trust value (i.e., Tk4) is presented by TCE as
follows.
Tk4 =
Sk4 + 1
Fk4 + Sk4 + 2
(10)
In summary, concerning Tkc value calculation, we also
assume that these four types of trust (i.e., sensor data collection
trust, sensor network lifetime trust, sensor network response
time trust and sensor data transmission trust) are considered
equally and the minimum value of these four trust values is
taken as the trust value Tkc of the service from SNP to CSP,
calculated by TCE as follows:
Tkc = Minimum{Tk1, Tk2, Tk3, Tk4} (11)
H. Reputation of Service of SNP
About Rk value calculation, with the feedbacks of previous
SLAs about the service, given that if the CSP chose the
service of an SNP, then it also means that the CSP somehow
trusted the SNP and decided to use the service of the SNP.
Further, denote that the number of CSPs that chose the service
of the SNP is C Nc and the number of CSPs that required
the service to receive from a SNP is Nc (Nc ≤ Nc), the
reputation value of the service of the SNP is calculated by
TCE following [42], [43] as follows.
Rk =
C Nk
Nc
. (12)
V. PROPOSED AUTHENTICATED TRUST AND
REPUTATION CALCULATION AND
MANAGEMENT (ATRCM) SYSTEM
A. System Overview
The proposed authenticated trust and reputation calculation
and management (ATRCM) system is introduced from the
following three parts:
Part 1) Authentication flowchart of CSP and SNP;
Part 2) Trust and reputation calculation and management
flowchart between CSU and CSPs;
flowchart between CSP and SNPs.
Specifically, Part 1) shown in Table II aims at identity
authentication of CSP and SNP to avoid malicious imper-
sonation attacks, based on the certificate of ISO/IEC 27001
certification [33], [34] illustrated in Section IV. In addition,
Part 2) and Part 3) are presented in Table III and Table IV focus
on (i) calculation and management of trust and reputation
with respect to the service of CSP and SNP as well as
(ii) helping the CSU choose desirable CSP and assisting the
CSP in selecting appropriate SNP, considering the attribute
requirement of CSU and CSP as well as cost, trust and
reputation of the service of CSP and SNP.

TABLE III
TRUST AND REPUTATION CALCULATION AND MANAGEMENT FLOWCHART BETWEEN CSU AND CSPS
TABLE IV
TRUST AND REPUTATION CALCULATION AND MANAGEMENT FLOWCHART BETWEEN CSP AND SNPS
B. Authentication Flowchart of CSP and SNP
Step 1: CSPs provide the certificate ctc to CSU and CSU
checks whether the signature of the certificate is valid
and whether the certificate is revoked. CSU filters the
CSPs that are not qualified.
Step 2: SNPs offer the certificate ctk to CSP and CSP checks
whether the signature of the certificate is valid and
whether the certificate is revoked. CSP filters the
SNPs that are not qualified.
C. Trust and Reputation Calculation and Management
Flowchart Between CSU and CSPs
Step 1: CSU checks whether the characteristics of CSPs
satisfy the attribute requirement of CSU. Filter the
CSPs that are not satisfied.
⎧
⎪⎪⎪⎨
⎪⎪⎪⎩
CST ⊇ DT
CSS ≥ DS
C PS ≥ DRS
COT ≥ DST
(13)
Step 2: CSU issues requests to TCE and achieves the
Tcu value of the service from CSP to the CSU. CSU
checks whether the Tcu value is greater than or equal
to the Tscu value. Filter the CSPs that are not satisfied.
Tcu ≥ Tscu (14)
Step 3: CSU issues requests to TCE and achieves the Rc value
of the service offered by the CSP. CSU checks
whether the Rc value is greater than or equal to the
Rsc value. Filter the CSPs that are not satisfied.
Rc ≥ Rsc (15)
Step 4: CSU calculates the Cc value between CSC of CSP
and DSP of CSU and checks whether the Cc value
is within the Cbc range. Filter the CSPs that are not
satisfied.
Cc ∈ Cbc (16)
Step 5: CSU checks whether ctc is revoked and chooses the
service offered by the CSP with the maximum Mc
and informs TCE about signed SLA or PLA.
Mc = −αc ·
Cc
|Cbc|
+ βc · Tcu + γc · Rc (17)
Step 6: CSU checks whether ctc is revoked before using the
service from the CSP. CSU sends feedbacks about
the service of the CSP to TCE based on PLA and
SLA after the termination of service. TCE stores and
updates the Tcu value as well as the Rc value with the
equations illustrated in Section IV.
D. Trust and Reputation Calculation and Management
Flowchart Between CSP and SNPs
Step 1: CSP checks whether the characteristics of SNPs
satisfy the attribute requirement of CSP. CSP also
checks whether the characteristics of SNP satisfy the
attribute requirement of CSU. Filter the SNPs that are
not satisfied.
⎧
⎪⎪⎪⎨
⎪⎪⎪⎩
ST ⊇ DT
SNC ⊇ DS
SNT ≥ DRS
SN L ≥ DST
(18)
⎧
⎪⎪⎪⎨
⎪⎪⎪⎩
CST ⊇ ST
CSS ≥ SNC
C PS ≥ SNT
COT ≥ SN L
(19)
Step 2: CSP issues requests to TCE and receives the Tkc value
of the service from SNP to the CSP. CSP checks

whether the Tkc value is more than or equal to the
Tskc value. Filter the SNPs that are not satisfied.
Tkc ≥ Tskc (20)
Step 3: CSP issues requests to TCE and receives the Rk value
of the service offered by the SNP. CSP checks whether
the Rk value is more than or equal to the Rsk value.
Filter the SNPs that are not satisfied.
Rk ≥ Rsk (21)
Step 4: CSP calculates the Ck value between SNSC of SNP
and SNSP of CSP and checks whether the Ck value
is within the Cbk range. Filter the SNPs that are not
satisfied.
Ck ∈ Cbk (22)
Step 5: CSP checks whether ctk is revoked and chooses
the service offered by the SNP with the maximum
Mk and informs TCE about signed SLA or PLA.
Mk = −αk ·
Ck
|Cbk|
+ βk · Tkc + γk · Rk (23)
Step 6: CSP checks whether ctk is revoked before utilizing
the service of the SNP. After the end of service, CSP
sends feedbacks about the service of SNP to TCE
based on SLA and PLA. TCE stores and updates
the Tkc value and the Rk value with the equations
presented in Section IV.
Note: In the aforementioned steps, during the utilization
of the service, the ctc of the chosen CSP or the ctk of the
selected SNP may still be revoked. Furthermore, the Tcu or
the Rc of the service of the chosen CSP may be lower
than Tscu or Rsc, respectively. Similarly, the Tkc or the Rk
of the service of the selected SNP is possible to be lower
than Tskc or Rsk respectively. In such cases, the system
flowcharts are performed again to enable the CSU to choose
a new CSP or make the CSP select a new SNP. In addition,
although the check of ctc, Tcu and Rc is the duty of CSU
as well as the check of ctk, Tkc and Rk is the duty of CSP,
TCE can support these duties for CSU and CSP as well if
necessary.
VI. EVALUATION OF SYSTEM FUNCTIONALITY
In this section, we evaluate whether our proposed ATRCM
system can fulfill the predetermined functions: 1) authenticat-
ing CSP and SNP to avoid malicious impersonation attacks;
2) calculating and managing trust and reputation regarding the
service of CSP and SNP; 3) helping CSU choose desirable
CSP and assisting CSP in selecting appropriate SNP, based
on (i) the authenticity of CSP and SNP; (ii) the attribute
requirement of CSU and CSP as well as (iii) the cost, trust
and reputation of the service of CSP and SNP.
A. Evaluation Setup
To perform the evaluation, all the three aimed functions
are analyzed based on the flowcharts and processes of the
corresponding functions. Particularly, the third function is eval-
uated utilizing two representative case studies to demonstrate
the effectiveness of ATRCM. Case study 1 involves a small
quantities of CSUs, CSPs and SNPs, while case study 2
involves a large number of CSUs, CSPs and SNPs. The
evaluation processes of the third function shown in these two
case studies are universal for CSUs, CSPs and SNPs with other
attributes and parameters.
B. Evaluation Results
1) Authenticating CSP and SNP: With respect to the
authentication of CSP and SNP, Part 1) authentication
flowchart of CSP and SNP shown in Section V presents the
detailed steps.
Based on the flowchart, we can observe that if a malicious
attacker impersonates the authentic CSP or authentic SNP,
then it needs to own the ctc certificate or the ctk certificate
first. If it cannot provide a certificate, then it is not a genuine
organization. In addition, even if the malicious attacker further
a) offers a fake certificate (e.g., f ctc or f ctk) or b) provides
a real but revoked certificate (e.g., rctc or rctk), it still cannot
launch the impersonation attacks, since CSU and CSP check
whether the signature of the certificate is valid and whether
the certificate is revoked.
Thus, we can achieve that our proposed ATRCM system is
able to prevent malicious impersonation attacks, by enforcing
the CSP or SNP providing a valid certificate. Meanwhile, as
the valid certificate of CSP and SNP are obtained through
ISO/IEC 27001 certification, the CSU will start trading with
CSP and CSP will begin trading with SNP, with more
confidence and assurance.
2) Calculating and Managing Trust and Reputation of
Service of CSP and SNP: For the calculation and management
of trust and reputation with respect to the service of the CSP
and SNP, the detailed processes are illustrated in Section IV.
Particularly, calculation and management of trust regarding
the service of the CSP are based on cloud data processing
trust (i.e., Tc1 shown in equation (1)), cloud data privacy trust
(i.e., Tc2 shown in equation (2)) and cloud data transmission
trust (i.e., Tc3 shown in equation (3)). The minimum value of
Tc1, Tc2 and Tc3 is the trust value of the service of the CSP.
Moreover, the history that CSUs chose the service of the CSP
and the history that CSUs needed the service to receive from a
CSP are utilized to calculate and manage the reputation about
the service of the CSP (i.e., Rc shown in equation (6)).
Furthermore, calculating and managing the trust of the
service of the SNP take sensor data collection trust (i.e., Tk1
presented in equation (7)), sensor network lifetime trust
(Tk2 presented in equation (8)), sensor network response time
trust (i.e., Tk3 presented in equation (9)) as well as sensor
data transmission trust (i.e., Tk4 presented in equation (10))
into account. The trust value of the service of the SNP is
the minimum value of Tk1, Tk2, Tk3 and Tk4. Finally, the
calculation and management of the reputation of the service
of the SNP (i.e., Rk presented in equation (12)) are based on
the history that CSPs selected the service of the SNP and the
history that CSPs required the service to receive from a SNP.

TABLE V
PARAMETERS OF CSUs AND QUALIFIED CSPs
TABLE VI
PARAMETERS OF QUALIFIED CSPs AND SNPS
From the above analysis, we can obtain that the proposed
ARTCM system is capable of calculating and managing the
trust and reputation about the service of CSP and SNP.
3) Helping CSU Choose Desirable CSP and Assisting CSP
in Selecting Appropriate SNP: Regarding helping CSU to
choose desirable CSP as well as assisting CSP in selecting
appropriate SNP, Part 2) Trust and reputation calculation
and management flowchart between CSU and CSPs and
flowchart between CSP and SNPs shown in Section V, present
the detailed mechanisms to validate our demonstration.
Specifically, from equation (17) and equation (23), we can see
that the cost and trust as well as the reputation of the service
of CSP and SNP are utilized for CSU and CSP to make the
corresponding choice.
Case Study 1: In the following sample case study, there are
three CSUs, four CSPs and five SNPs. With the filter process
of the Step 1 of Part 2) and Part 3), we assume that one CSP
and two SNPs are filtered out as their attributes do not satisfy
the requirements. Then there are three CSUs, three CSPs and
three SNPs, in which all characteristics of CSPs satisfy the
attribute requirement of CSUs and all characteristics of SNPs
satisfy the attribute requirement of CSPs.
In the following, Table V shows the detailed parameters
with respect to CSUs and qualified CSPs about Cc, Tcu,
Rc, Cbc, Tscu and Rsc, which will be used from Step 2
to Step 5 of Part 2). And table VI presents the detailed
parameters regarding qualified CSPs and SNPs, that will be
utilized from Step 2 to Step 5 of Part 3) about Ck, Tkc, Rk,
Cbk, Tskc and Rsk. Moreover, two typical weight sets about
αc, βc, γc as well as αk, βk and γk are used to validate
the effectiveness. In weight set 1, CSUs and CSPs take Cc,
Tcu and Rc all into account. For weight set 2, CSUs and CSPs
only consider one of Ck, Tkc and Rk.
TABLE VII
WEIGHT SET 1 OF CSUs AND CORRESPONDING CHOICES
TABLE VIII
WEIGHT SET 1 OF QUALIFIED CSPs AND
CORRESPONDING CHOICES
TABLE IX
WEIGHT SET 2 OF CSUs AND CORRESPONDING CHOICES
TABLE X
WEIGHT SET 2 OF QUALIFIED CSPs AND
CORRESPONDING CHOICES
Weight set 1 of CSUs and the corresponding choices with
respect to CSPs are shown in Table VII. Meanwhile, weight
set 1 of qualified CSPs and the corresponding choices with
respect to SNPs are shown in Table VIII. With equation (17)
and equation (23), we can get that CSU1, CSU2 and CSU3
all choose CSP3 as shown in Table VII. In addition, CSP1,
CSP2 and CSP3 all select SN P1 as presented in Table VIII.
Furthermore, Table IX and Table X present weight set 2 of
CSUs and the corresponding choices with respect to CSPs as
well as weight set 2 of qualified CSPs and the corresponding
choices with respect to SNPs, respectively. Similarly, based on
equation (17) and equation (23), we can obtain that CSU1 and
CSU2 select CSP3 while CSU3 chooses CSP1 as presented
in Table IX. Meanwhile, CSP1 chooses SN P3 while CSP2
and CSP3 both select SN P1 as shown in Table X.
Case Study 2: In the following sample case study, there
are one hundred CSUs, one hundred and fifty CSPs and
two hundred SNPs. With the filter process of the Step 1 of
Part 2) and Part 3), we suppose that fifty CSPs and one hundred
SNPs are filtered out as their characteristics are not satisfied.
Then there are one hundred CSUs, one hundred CSPs and
one hundred SNPs, in which all characteristics of CSPs satisfy
the attribute requirement of CSUs and all characteristics of
SNPs satisfy the attribute requirement of CSPs.
In the following, the detailed parameters with respect to
CSUs and qualified CSPs about Cc, Tcu, Rc, Cbc, Tscu and
Rsc are randomly initialized and they will be utilized from
Step 2 to Step 5 of Part 2). Similarly, the detailed parameters
about qualified CSPs and SNPs are randomly initialized and

Fig. 2. Different weight set for a CSU and Corresponding Choice About CSP.
Fig. 3. Different weight set for a qualiﬁed CSP and corresponding choice
about SNP.
they will be used from Step 2 to Step 5 of Part 3) about Ck,
Tkc, Rk, Cbk, Tskc and Rsk. In addition, one hundred different
weight sets about αc, βc, γc as well as αk, βk and γk are
randomly initialized to validate the effectiveness.
Different weight sets for a CSU and the corresponding
choices regarding CSPs are shown in Fig. 2. Meanwhile,
different weight sets for a qualiﬁed CSP and the corre-
sponding choices regarding SNPs are shown in Fig. 3. With
equation (17) and equation (23), we can get that the CSU
can choose CSP and CSP can choose SN P as shown in
Fig. 2 and Fig. 3, respectively.
4) Summary: From the above evaluation results, we can
observe that our proposed ATRCM system is indeed able
to assist the CSU in selecting authentic and desirable CSP
as well as help CSP choose authentic and appropriate SNP,
considering (i) the authenticity of CSP and SNP and (ii) the
attribute requirement of CSU and CSP as well as (iii) the cost,
trust and reputation of the service of CSP and SNP.
Moreover, we can deduce that different weight sets do not
always change the corresponding results for CSU to choose
CSP, by comparing the weight sets and corresponding choices
about CSPs in Table VII with that in Table IX and observing
the corresponding choices about CSPs with different weight
sets shown in Fig. 2. Similarly, the corresponding choices for
CSP to select SNP are not always be affected by changing
weight sets, comparing the weight sets and corresponding
choices about SNPs in Table VIII with that in Table X and
observing the corresponding choices about SNPs with different
weight sets presented in Fig. 3.
VII. ANALYSIS OF SYSTEM SECURITY
In this section, we analyze our proposed ATRCM system
from the view of security by providing a few adversary models,
in which we follow Dolev-Yao approach [51]. Particularly,
we analyze whether ATRCM is immune to the following
four attacks [52], [53] (i.e., good mouthing attack, bad
mouthing attack, collusion attack and white-washing attack).
A. First Adversary Model: Good Mouthing and
Bad Mouthing Attacks
1) Mechanism: The adversary (e.g., a malicious CSU or
a malicious CSP) provides a malicious feedback about its
experience with another party (a CSP or a SNP). For
example, a malicious CSU provides a malicious feedback
about its experience with a CSP or a malicious CSP provides
a malicious feedback about its experience with a SNP, even if
the experience actually does not exist. The feedback could be
wrong positive feedback (i.e., good mouthing attack) or wrong
negative feedback (i.e., bad mouthing attack).
2) Initial Capability: The adversary knows the operational
mechanism of ATRCM system and is free to produce wrong
feedbacks about any service of any CSP or any SNP.
3) Capability During the Attack: During the attack, the
adversary is able to send feedbacks periodically to the TCE
about the experience via a secure communication.
4) Discussion: The good mouthing and bad mouthing attack
cannot maliciously subvert the trust or reputation value as the
adversary wishes, because of the following:
• False feedbacks from the adversary to the TCE will not
be utilized to calculate the trust or reputation value, as
whether the feedbacks received by TCE are genuine are
audited by TCE.
• The trust and reputation of a CSP or a SNP on providing a
service are largely dependent on the historical feedbacks
of previous SLAs or PLAs about the service, meaning
that the historical trust values can effectively maintain
the trust or reputation.

B. Second Adversary Model: Collusion Attack
1) Mechanism: The adversaries (i.e., malicious CSUs or
malicious CSPs or malicious SNPs) collude other parties
mutually (e.g., a malicious CSU collude a malicious CSP or
a malicious CSP collude a malicious SNP) and participate in
events that generate real positive feedbacks for the colluding
participants.
2) Initial Capability: The adversaries know about the oper-
ational mechanism of ATRCM system and they are free to
collude any CSP or any SNP mutually.
adversaries are able to to change their colluding parties
dynamically, without noticing TCE.
4) Discussion: From [54], since the colluders are synthesiz-
ing events that create verifiable feedbacks between CSUs and
CSPs or between CSPs and SNPs in a collective way, they are
able to improve their trust and reputation values faster than the
honest participants or counter the effects of possible negative
feedbacks. Thus, it is hard to mitigate the collusion attack,
without detecting and reacting to the groups of colluders who
interact exclusively with each other, while discovering these
colluders that are formulated as discovering a clique of a
certain size within a graph is known to be NP-complete and
only heuristic-based solutions have been proposed.
On the other hand, to launch the collusion attack, since
TCE is supposed to be informed about the signed SLAs or
PLAs and TCE is capable of monitoring the process of system
(i.e., TCE has the role of the cloud auditor), TCE should sense
the service delivery at the minimum. Therefore, in case of
this attack, the colluding participants should initially report
dummy SLAs or PLAs to TCE followed by bogus feedbacks,
and then do not actually deliver the service. However, if the
service delivery is not actually performed, TCE will detect
this. Thus, TCE can detect this attack and further filter out the
bogus feedbacks.
Note: In case of the first and second adversary models,
since in the trust and reputation management system
punishment is a normal action after finding a malicious entity,
the TCE punishes the attacker. For instance, the TCE can filter
out the feedbacks initiated by an adversary after finding an
attack lunched by the adversary. Then, the TCE can decrease
the services provided to the adversary to punish the adversary.
Therefore, these attacks are costly for the adversary and the
high cost can prevent the adversary to perform the attacks.
C. Third Adversary Model: White-Washing Attack
1) Mechanism: The adversary (e.g., a malicious CSP or a
malicious SNP) resets a poor trust or reputation, by rejoining
the system with a new identity and a fresh trust or reputation.
2) Initial Capability: The adversary knows the operational
mechanism of ATRCM system, and is free to re-enter the
system at any time with a new identity and a fresh trust or
reputation.
adversary is able to switch their identities dynamically, without
informing TCE.
4) Discussion: The white-washing attack cannot mislead
the honest customers by resetting a poor trust or reputation
as the adversary wishes, because of the following:
• In case of a malicious CSU, the adversary can rejoin the
system only to lunch other attacks such as bad mouthing
attack. However, since the trust and reputation evaluation
of CSU is not within our system targets, rejoining the
system does not affect the trust or reputation value of
the CSU. In fact, these two values are not utilized by
ATRCM system.
• When a malicious CSP or a malicious SNP rejoins the
system as a new identity, it needs to be authenticated
by the CSU or the CSP based on the ISO/IEC 27001
certification, then the CSU or the CSP will know its
original identity and rejoining purpose.
• The trust and reputation are different in the ATRCM
system in terms of newcomers and participants that have
shown good behaviors for a long time. Thus, it is hard to
cheat the honest customers by letting them easily choose
newcomers.
• Finally, even if the adversary resets its negative trust
value and restarts as a fresh entity, in return the adversary
loses its reputation completely (as per equation (6) and
equation (12)). Furthermore, the reputation is a positive
value all the time, and resetting it puts the adversary in
a vulnerable and risky position of not being selected by
any customer for a long time (as per equation (17) and
equation (23)).
VIII. CONCLUSION
In this paper, we advancingly explored the authentication
as well as trust and reputation calculation and management
of CSPs and SNPs, which are two very critical and barely
explored issues with respect to CC and WSNs integration.
Further, we proposed a novel ATRCM system for CC-WSN
integration. Discussion and analysis about the authentication
of CSP and SNP as well as the trust and reputation with respect
to the service provided by CSP and SNP have been presented,
followed with detailed design and functionality evaluation
about the proposed ATRCM system. All these demonstrated
that the proposed ATRCM system achieves the following three
functions for CC-WSN integration: 1) authenticating CSP and
SNP to avoid malicious impersonation attacks; 2) calculat-
ing and managing trust and reputation regarding the service
of CSP and SNP; 3) helping CSU choose desirable CSP and
assisting CSP in selecting appropriate SNP, based on (i) the
authenticity of CSP and SNP; (ii) the attribute requirement
of CSU and CSP; (iii) the cost, trust and reputation of the
service of CSP and SNP. In addition, our system security
analysis powered by three adversary models showed that our
proposed system is secure versus main attacks on a trust and
reputation management system, such as good mouthing, bad
mouthing, collusion and white-washing attacks, which are the
most important attacks in our case.
REFERENCES
[1] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud computing: State-of-the-
art and research challenges,” J. Internet Services Appl., vol. 1, no. 1,
pp. 7–18, 2010.

[2] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud
computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility,” Future Generat. Comput. Syst.,
vol. 25, no. 6, pp. 599–616, Jun. 2009.
[3] J. Baliga, R. W. A. Ayre, K. Hinton, and R. S. Tucker, “Green cloud
computing: Balancing energy in processing, storage, and transport,”
Proc. IEEE, vol. 99, no. 1, pp. 149–167, Jan. 2011.
[4] K. M. Sim, “Agent-based cloud computing,” IEEE Trans. Services
Comput., vol. 5, no. 4, pp. 564–577, Fourth Quarter 2012.
[5] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “Wireless
sensor networks: A survey,” Comput. Netw., Int. J. Comput. Telecommun.
Netw., vol. 38, no. 4, pp. 393–422, Mar. 2002.
[6] C. Zhu, L. Shu, T. Hara, L. Wang, S. Nishio, and L. T. Yang,
“A survey on communication and data management issues in mobile
sensor networks,” Wireless Commun. Mobile Comput., vol. 14, no. 1,
pp. 19–36, Jan. 2014.
[7] M. Li and Y. Liu, “Underground coal mine monitoring with wireless
sensor networks,” ACM Trans. Sensor Netw., vol. 5, no. 2, Mar. 2009,
Art. ID 10.
[8] M. Yuriyama and T. Kushida, “Sensor-cloud infrastructure—Physical
sensor management with virtualized sensors on cloud computing,” in
Proc. 13th Int. Conf. Netw.-Based Inf. Syst., Sep. 2010, pp. 1–8.
[9] G. Fortino, M. Pathan, and G. Di Fatta, “BodyCloud: Integration of
cloud computing and body sensor networks,” in Proc. IEEE 4th Int.
Conf. Cloud Comput. Technol. Sci., Dec. 2012, pp. 851–856.
[10] Y. Takabe, K. Matsumoto, M. Yamagiwa, and M. Uehara, “Proposed
sensor network for living environments using cloud computing,” in Proc.
15th Int. Conf. Netw.-Based Inf. Syst., Sep. 2012, pp. 838–843.
[11] R. Hummen, M. Henze, D. Catrein, and K. Wehrle, “A cloud design for
user-controlled storage and processing of sensor data,” in Proc. IEEE
4th Int. Conf. Cloud Comput. Technol. Sci., Dec. 2012, pp. 232–240.
[12] C. Zhu, V. C. M. Leung, L. T. Yang, X. Hu, and L. Shu, “Collaborative
location-based sleep scheduling to integrate wireless sensor networks
with mobile cloud computing,” in Proc. IEEE Globecom Workshops,
Dec. 2013, pp. 452–457.
[13] C. Zhu, V. C. M. Leung, H. Wang, W. Chen, and X. Liu, “Providing
desirable data to users when integrating wireless sensor networks with
mobile cloud,” in Proc. IEEE 5th Int. Conf. Cloud Comput. Technol.
Sci., Dec. 2013, pp. 607–614.
[14] A. Alamri, W. S. Ansari, M. M. Hassan, M. S. Hossain, A. Alelaiwi,
and M. A. Hossain, “A survey on sensor-cloud: Architecture, applica-
tions, and approaches,” Int. J. Distrib. Sensor Netw., vol. 2013, 2013,
Art. ID 917923.
[15] S. Grzonkowski and P. Corcoran, “Sharing cloud services: User authen-
tication for social enhancement of home networking,” IEEE Trans.
Consum. Electron., vol. 57, no. 3, pp. 1424–1432, Aug. 2011.
[16] M.-H. Guo, H.-T. Liaw, L.-L. Hsiao, C.-Y. Huang, and C.-T. Yen,
“Authentication using graphical password in cloud,” in Proc. 15th Int.
Symp. Wireless Pers. Multimedia Commun., Sep. 2012, pp. 177–181.
[17] H. A. Dinesha and V. K. Agrawal, “Multi-dimensional password gen-
eration technique for accessing cloud services,” Int. J. Cloud Comput.,
Services Archit., vol. 2, no. 3, pp. 31–39, Jun. 2012.
[18] A. J. Choudhury, P. Kumar, M. Sain, H. Lim, and H. Jae-Lee, “A strong
user authentication framework for cloud computing,” in Proc. IEEE
Asia-Pacific Services Comput. Conf., Dec. 2011, pp. 110–115.
[19] S.-H. Shin, D.-H. Kim, and K.-Y. Yoo, “A lightweight multi-user
authentication scheme based on cellular automata in cloud environment,”
in Proc. IEEE 1st Int. Conf. Cloud Netw., Nov. 2012, pp. 176–178.
[20] S. Ruj, M. Stojmenovic, and A. Nayak, “Decentralized access control
with anonymous authentication of data stored in clouds,” IEEE Trans.
Parallel Distrib. Syst., vol. 25, no. 2, pp. 384–394, Feb. 2014.
[21] J. Yang et al., “A fingerprint recognition scheme based on assembling
invariant moments for cloud computing communications,” IEEE Syst. J.,
vol. 5, no. 4, pp. 574–583, Dec. 2011.
[22] P. You and Z. Huang, “Towards an extensible and secure cloud architec-
ture model for sensor information system,” Int. J. Distrib. Sensor Netw.,
vol. 2013, Jul. 2013, Art. ID 823418.
[23] H. A. Dinesha, R. Monica, and V. K. Agrawal, “Formal modeling for
multi-level authentication in sensor-cloud integration system,” Int. J.
Appl. Inf. Syst., vol. 2, no. 3, pp. 1–6, May 2012.
[24] S. T. Ali, V. Sivaraman, and D. Ostry, “Authentication of lossy data in
body-sensor networks for cloud-based healthcare monitoring,” Future
Generat. Comput. Syst., vol. 35, pp. 80–90, Jun. 2014.
[25] K. Hwang and D. Li, “Trusted cloud computing with secure resources
and data coloring,” IEEE Internet Comput., vol. 14, no. 5, pp. 14–22,
Sep./Oct. 2010.
[26] A. Barsoum and A. Hasan, “Enabling dynamic data and indirect mutual
trust for cloud computing storage systems,” IEEE Trans. Parallel Distrib.
Syst., vol. 24, no. 12, pp. 2375–2385, Dec. 2013.
[27] X. Li and J. Du, “Adaptive and attribute-based trust model for service
level agreement guarantee in cloud computing,” IET Inf. Secur., vol. 7,
no. 1, pp. 39–50, Mar. 2013.
[28] M. Kuehnhausen, V. S. Frost, and G. J. Minden, “Framework for
assessing the trustworthiness of cloud resources,” in Proc. IEEE Int.
Multi-Discipl. Conf. Cognit. Methods Situation Awareness Decision
Support, Mar. 2012, pp. 142–145.
[29] H. Kim, H. Lee, W. Kim, and Y. Kim, “A trust evaluation model for
QoS guarantee in cloud systems,” Int. J. Grid Distrib. Comput., vol. 3,
no. 1, pp. 1–9, 2010.
[30] T. H. Noor and Q. Z. Sheng, “Trust as a service: A framework for trust
management in cloud environments,” in Proc. 12th Int. Conf. Web Inf.
Syst. Eng., 2011, pp. 314–321.
[31] R. K. L. Ko et al., “TrustCloud: A framework for accountability and trust
in cloud computing,” in Proc. IEEE World Congr. Services, Jul. 2011,
pp. 584–588.
[32] O. Savas, G. Jin, and J. Deng, “Trust management in cloud-integrated
wireless sensor networks,” in Proc. Int. Conf. Collaboration Technol.
Syst., May 2013, pp. 334–341.
[33] C. Pelnekar, “Planning for and implementing ISO 27001,” Inf. Syst. Audit
Control Assoc. J., vol. 4, 2011.
[34] Information Technology—Security Techniques—Information Security
Management Systems—Requirements, ISO/IEC Standard 27001:2013,
2013.
[35] N. Karten, How to Establish Service Level Agreements, 2003.
[36] P. Wieder, J. M. Butler, W. Theilmann, and R. Yahyapour, Service Level
Agreements for Cloud Computing, 2011.
[37] Privacy Level Agreement Outline for the Sale of Cloud Services in the
European Union, Cloud Security Alliance, 2013.
[38] H. Yu, Z. Shen, C. Miao, C. Leung, and D. Niyato, “A survey of trust
and reputation management systems in wireless communications,” Proc.
IEEE, vol. 98, no. 10, pp. 1755–1772, Oct. 2010.
[39] J.-H. Cho, A. Swami, and I.-R. Chen, “A survey on trust management
for mobile ad hoc networks,” IEEE Commun. Surv. Tuts., vol. 13, no. 4,
pp. 562–583, Fourth Quarter 2011.
[40] K. Govindan and P. Mohapatra, “Trust computations and trust dynamics
in mobile adhoc networks: A survey,” IEEE Commun. Surveys Tuts.,
vol. 14, no. 2, pp. 279–298, Second Quarter 2012.
[41] A. Das and M. M. Islam, “SecuredTrust: A dynamic trust computation
model for secured communication in multiagent systems,” IEEE Trans.
Depend. Secure Comput., vol. 9, no. 2, pp. 261–274,
Mar./Apr. 2012.
[42] J. M. Pujol, R. Sangüesa, and J. Delgado, “Extracting reputation in multi
agent systems by means of social network topology,” in Proc. 1st Int.
Joint Conf. Auton. Agents Multiagent Syst., 2002, pp. 467–474.
[43] C. Zhu, H. Wang, V. C. M. Leung, L. Shu, and L. T. Yang,
“An evaluation of user importance when integrating social networks
and mobile cloud computing,” in Proc. IEEE Global Commun. Conf.,
Dec. 2014.
[44] A. Josang and R. Ismail, “The beta reputation system,” in Proc. 15th
Bled Electron. Commerce Conf., 2002, pp. 324–337.
[45] S. Ganeriwal, L. K. Balzano, and M. B. Srivastava, “Reputation-based
framework for high integrity sensor networks,” ACM Trans. Sensor
Netw., vol. 4, no. 3, May 2008, Art. ID 15.
[46] T. Qin, H. Yu, C. Leung, Z. Shen, and C. Miao, “Towards a trust
aware cognitive radio architecture,” ACM SIGMOBILE Mobile Comput.
Commun. Rev., vol. 13, no. 2, pp. 86–95, Apr. 2009.
[47] W. Viriyasitavat and A. Martin, “A survey of trust in workflows
and relevant contexts,” IEEE Commun. Surv. Tuts., vol. 14, no. 3,
pp. 911–940, Third Quarter 2012.
[48] US Government Cloud Computing Technology Roadmap Volume II
Release 1.0 (Draft), Nat. Inst. Standard Technol., Gaithersburg, MD,
USA, Nov. 2011.
[49] S. Reece, A. Rogers, S. Roberts, and N. R. Jennings, “Rumours and
reputation: Evaluating multi-dimensional trust within a decentralised
reputation system,” in Proc. 6th Int. Joint Conf. Auton. Agents Multiagent
Syst., 2007, pp. 1063–1070.
[50] G. Wang and J. Wu, “Multi-dimensional evidence-based trust manage-
ment with multi-trusted paths,” Future Generat. Comput. Syst., vol. 27,
no. 5, pp. 529–538, May 2011.
[51] D. Dolev and A. C. Yao, “On the security of public key protocols,”
IEEE Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208,
Mar. 1983.

[52] Y. L. Sun, Z. Han, W. Yu, and K. J. R. Liu, “A trust evaluation
framework in distributed networks: Vulnerability analysis and defense
against attacks,” in Proc. 25th IEEE Int. Conf. Comput. Commun.,
Apr. 2006, pp. 1–13.
[53] Y. Sun and Y. Liu, “Security of online reputation systems: The evolution
of attacks and defenses,” IEEE Signal Process. Mag., vol. 29, no. 2,
pp. 87–97, Mar. 2012.
[54] K. Hoffman, D. Zage, and C. Nita-Rotaru, “A survey of attack and
defense techniques for reputation systems,” ACM Comput. Surv., vol. 42,
no. 1, Dec. 2009, Art. ID 1.
Chunsheng Zhu (S’12) received the B.E. degree in
network engineering from the Dalian University of
Technology, Dalian, China, in 2010, and the
M.Sc. degree in computer science from St. Francis
Xavier University, Antigonish, NS, Canada, in 2012.
He is currently pursuing the Ph.D. degree with the
Department of Electrical and Computer Engineer-
ing, The University of British Columbia, Vancouver,
BC, Canada. He has authored around 40 papers
by refereed international journals (e.g., the IEEE
TRANSACTIONS ON INDUSTRIAL ELECTRONICS,
the IEEE TRANSACTIONS ON COMPUTERS, the IEEE TRANSACTIONS ON
EMERGING TOPICS IN COMPUTING, and the IEEE SYSTEMS JOURNAL)
and conferences (e.g., the IEEE Global Communications Conference and
the IEEE International Conference on Communications). His current research
interests are mainly in the areas of wireless sensor networks and mobile cloud
computing.
Hasen Nicanfar (S’11) received the B.A.Sc. degree
in electrical engineering from the Sharif Univer-
sity of Technology, Tehran, Iran, in 1993, and the
M.A.Sc. degree in computer networks from Ryerson
University, Toronto, ON, Canada, in 2011.
He is currently pursuing the Ph.D. degree with the
Department of Electrical and Computer Engineering,
The University of British Columbia, Vancouver, BC,
Canada. From 1993 to 2010, he worked in different
positions, such as the IT/ERP Manager, the Project
Manager, and a Business and System Analyst. His
research interests are in the areas of trust, security and privacy in wireless
communication, computer network, and cloud computing.
Victor C. M. Leung (S’75–M’89–SM’97–F’03)
received the B.A.Sc. (Hons.) degree in electri-
cal engineering from The University of British
Columbia (UBC), Vancouver, BC, Canada, in 1977,
and was awarded the APEBC Gold Medal as the
Head of the Graduating Class from the Faculty
of Applied Science. He attended graduate school
at UBC on a Natural Sciences and Engineer-
ing Research Council Postgraduate Scholarship and
completed the Ph.D. degree in electrical engineering
in 1981.
He was a Senior Member of Technical Staff and Satellite System Specialist
at MPR Teltech Ltd., Burnaby, BC, Canada, from 1981 to 1987. In 1988,
he was a Lecturer with the Department of Electronics, Chinese University
of Hong Kong, Hong Kong. He joined UBC as a faculty member in 1989,
where he is currently a Professor and the TELUS Mobility Research Chair in
Advanced Telecommunications Engineering with the Department of Electrical
and Computer Engineering. He has coauthored over 700 technical papers
in international journals and conference proceedings, 29 book chapters, and
coedited eight book titles. Several of his papers have been selected for best
paper awards. His research interests are in the areas of wireless networks and
mobile systems.
Dr. Leung is a Registered Professional Engineer in the Province of British
Columbia, Canada. He is a fellow of the Royal Society of Canada, the
Engineering Institute of Canada, and the Canadian Academy of Engineering.
He was a Distinguished Lecturer of the IEEE Communications Society. He
is an Editorial Board Member of the IEEE WIRELESS COMMUNICATIONS
LETTERS, Computer Communications, and several other journals. He has
served on the Editorial Boards of the IEEE JOURNAL ON SELECTED
AREAS IN COMMUNICATIONS-WIRELESS COMMUNICATIONS SERIES, the
IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, the IEEE TRANS-
ACTIONS ON VEHICULAR TECHNOLOGY, the IEEE TRANSACTIONS ON
COMPUTERS, and the Journal of Communications and Networks. He has
guest-edited many journal special issues, and contributed to the organizing
committees and technical program committees of numerous conferences and
workshops. He was a recipient of the IEEE Vancouver Section Centennial
Award and the 2012 UBC Killam Research Prize.
Laurence T. Yang (M’97) received the B.E. degree
in computer science and technology from Tsinghua
University, Beijing, China, and the Ph.D. degree in
computer science from the University of Victoria,
Victoria, BC, Canada.
He is currently a Professor with the Department
of Computer Science, St. Francis Xavier Univer-
sity, Antigonish, NS, Canada. His research interests
include parallel and distributed computing, embed-
ded and ubiquitous/pervasive computing, and big
data. He has published over 200 papers in vari-
ous refereed journals (around 1/3 on the IEEE/ACM TRANSACTIONS and
JOURNALS, and others mostly on Elsevier, Springer, and Wiley journals).
His research has been supported by the National Sciences and Engineering
Research Council of Canada, and the Canada Foundation for Innovation.

An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Viewers also liked

Viewers also liked (8)

Similar to An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration

Similar to An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration (20)

Recently uploaded

Recently uploaded (20)

An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration